Re: Defining Roles, Groups?



On Aug 26, 5:26 am, Dominick Baier
<dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
The roles system was not designed for multi-client applications. You will
get something much better suited for your scenario by simply writing your
own roles management...

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

Hi,
I want to use the default SqlMembershipProvider and SqlRolesProvider for an
ASP.NET app. and I want to avoid writing Custom Providers if I can.
The problem I have is how to define the roles in the first place!
We have some standard User roles: Viewer, Author and Editor. But we have
various clients and some users need to have a different role according to
client, i.e. User Bob will have a Viewer role for Client A data BUT an Author
role for Client B data.
Obviously, I don't want to create a role for every combination, e.g.
ClientAViewer, ClientBViewer, ClientCViewer, ClientAAuthor etc. etc.
and we don't want to force users to have a different username for each
client.

But if I want to use the default SqlRolesProvider, I don't see what
else I can do. Or am I just approaching this in the wrong way?

Thanks,
Adam

After some more research, curious if the Profile Provider may be a
better solution. Seems that CardSpace may be overkill for this, plus
may not do what really wanted. Not sure if my scenario is like
Adam's, but basically I am using Windows Authentication. I also need
to store different access levels for different users, and the access
levels for a user may change depending upon his current role in the
application. So, really I may need to define my own data storage for
these users and just check their permissions explicitly using custom
code. Was trying to avoid writing a user management database,
especially one that has to keep in sync with the user's Active
Directory entry. Profiles seem to maybe take care of this for you.

Dominick, any thoughts on this?

I suppose would still have to write custom user management software to
get the values into the profiles.

Ron
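
The per-client role assignment discussed in this thread (one user, a different role for each client), as an added example that is not code from any poster or from ASP.NET itself. `ClientRoleStore`, its method names and the sample data are hypothetical, and a real version would persist the grants in a database table instead of memory.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical client-scoped role store; not part of the Membership/Roles provider API.
public sealed class ClientRoleStore
{
    // userName -> clientId -> roles the user holds for that client only
    private readonly Dictionary<string, Dictionary<string, HashSet<string>>> _grants =
        new Dictionary<string, Dictionary<string, HashSet<string>>>(StringComparer.OrdinalIgnoreCase);

    public void Grant(string userName, string clientId, string role)
    {
        Dictionary<string, HashSet<string>> byClient;
        if (!_grants.TryGetValue(userName, out byClient))
        {
            byClient = new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase);
            _grants[userName] = byClient;
        }
        HashSet<string> roles;
        if (!byClient.TryGetValue(clientId, out roles))
        {
            roles = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
            byClient[clientId] = roles;
        }
        roles.Add(role);
    }

    // Deny by default: an unknown user, an unknown client or a missing role all return false.
    public bool IsInClientRole(string userName, string clientId, string role)
    {
        Dictionary<string, HashSet<string>> byClient;
        HashSet<string> roles;
        return userName != null && clientId != null && role != null
            && _grants.TryGetValue(userName, out byClient)
            && byClient.TryGetValue(clientId, out roles)
            && roles.Contains(role);
    }
}

public static class Demo
{
    public static void Main()
    {
        var store = new ClientRoleStore();
        // Constructed sample data matching the scenario in the thread.
        store.Grant("bob", "ClientA", "Viewer");
        store.Grant("bob", "ClientB", "Author");
        Console.WriteLine(store.IsInClientRole("bob", "ClientB", "Author")); // granted for Client B
        Console.WriteLine(store.IsInClientRole("bob", "ClientA", "Author")); // not granted for Client A
    }
}
```

In a page or handler, the user name passed to the check would come from the authenticated identity and the client identifier from the record being accessed, checked on the server for every request.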
